The Kazakhstan-born Canadian citizen Karim Baratov (22) (Kay, a.k.a Karim Taloverov, a.k.a Karim Akehmet Tokbergenov), has pleaded guilty to massive 2014 Yahoo data breach that affected three billion accounts.
Karim Baratov was arrested in Toronto at his home by the Toronto Police Department in March.
In the federal district court in San Francisco on Tuesday, Baratov admitted to helping the Russian intelligence and pleaded guilty to a total of nine counts, including:
“As part of his plea agreement, Baratov not only admitted to his hacking activities on behalf of his co-conspirators in the FSB, but also to hacking more than 11,000 webmail accounts in total on behalf of the FSB conspirators and other customers from in or around 2010 until his March 2017 arrest by Canadian authorities. Baratov advertised his services through a network of primarily Russian-language hacker-for-hire web pages hosted on servers around the world.” reads the press release published by the Department of Justice.
“He admitted that he generally spearphished his victims, sending them emails from accounts he established to appear to belong to the webmail provider at which the victim’s account was hosted (such as Google or Yandex). Baratov’s spearphishing emails tricked victims into (i) visiting web pages he constructed to appear legitimate, as though they belonged to the victims’ webmail providers and (ii) entering their account credentials into those web pages. Once Baratov collected the victims’ account credentials, he sent his customers screen shots of the victims’ account contents to prove that he had obtained access and, upon receipt of payment, provided his customers the victims’ log-in credentials.”
In March, the US Justice Department charged two Russian intelligence officers (Dmitry Dokuchaev and Igor Sushchin) from Russia’s Federal Security Service (FSB) and two hackers (Alexsey Belan and Karim Baratov) for breaking into Yahoo servers in 2014.
Unlike Baratov, the hacker Alexsey Belan and both FSB officers currently reside in Russia.
According to prosecutors, the Russian Intelligence agency FSB directed the Yahoo hack and hired Baratov to target persons of interest to the FSB (i.e. Journalists, government officials, and technology company employees) that were using email accounts different from Yahoo ones.
“Baratov’s role in the charged conspiracy was to hack webmail accounts of individuals of interest to the FSB and send those accounts’ passwords to Dokuchaev in exchange for money,” his plea agreement reads.
Baratov’s lawyers tried to change the position of the man, they said that at the time of the hack, Baratov had no idea he was working with Russian intelligence.
Baratov hacked at least 80 non-Yahoo email accounts, including at least 50 Google accounts, he used spear phsting attack to trick victims into providing their credentials.
Baratov’s sentencing hearing will be held on 20th February next year in federal district court in San Francisco. The man could face up to 87 months in jail for the first charge and 24 months for the identity theft charges.
“These threats are even more insidious when cybercriminals such as Baratov are employed by foreign government agencies acting outside the rule of law.” US Attorney Brian Stretch said.
Baratov has also agreed to pay restitution to the affected Yahoo users and a fine up to $2,250,000 (at $250,000 per count).
(Security Affairs – 2014 Yahoo hack, DoJ)